Digital Signatures

George Foot georgefoot at oxted.demon.co.uk
Fri, 28 Aug 1998 18:07:33 +0100 (BST)


Dr. Gladman has kindly suggested that we continue our discussions
in the Public Forum as some people have expressed an interest in 
earlier exchanges.

This being the case, here are some more observations relating to 
the name "Digital Signature".

A vigorous discussion always helps to expose and clarify matters 
which might otherwise become confused because they convey different 
meanings to different people.

I remember the situation many years ago when Philips technical 
people in Denmark communicated with their opposite numbers in 
Holland using the only common language they had which was English.  
It was discovered that they developed a version of English which 
meant nothing to real English speaking people -- but they 
understood each other very well !

It was very natural for the term "digital signatures" to creep 
into cryptographic glossaries.  

Why "digital" anyway -- that's not really sensible and digital 
plays no part in the concept.  We might just as well talk of 
"analog signatures" -- surely the correct reference is to
"electronic signatures" as distinct from "written signatures".

In the minds of non-technical folk a written signature is 
something which they create themselves and in consequence 
realize that they have undertaken a personal responsibility 
for whatever they have signed.

On the other hand an electronic signature is something which is 
attached to a message by a machine (a computer) and this they 
will not consider a personal responsibility and likely enough 
in a commercial environment they will not even understand the 
procedure or know that it occurs.

Their secretaries bring them letters to sign and even if they sign 
without reading the letters they know they have assumed a 
responsibility.

But nobody brings them an electronic message and asks them to
add an electronic signature. 

The judge says pointing to a signature on a cheque: "Mr. Smith
is that your signature ?" and Mr. Smith has to acknowledge that 
the signature is his.

But when the judge says "Mr. Smith is that your digital signature"
poor Mr. Smith may not even understand the question. In any
case is it his signature ?  It cannot even be said to be unique 
to him as this so-called electronic signature is probably 
known to many other employees of the firm and may be found at  
many locations within the company.

The dictionary says: "Signature. Name, initials or mark written
with person's own hand as authentication of document or other 
writing".

It is the officials of a company who sign a document, not the
company.

Why not clear up this confusion and just call the "thing" what it 
really is -- "An Electronic Message Identifier".

Any comments welcome.

Regards,

George





I have written an article called "A critique of Public Key 
Cryptosystems" which has the intention of drawing 
attention to practical problems and stressing the likely
behaviour of "common man". This article you will probably criticise
fiercely and you will have justification for your point of
view in some respects.  But I declare that if one tries to 
look at the issues from the point of view of the operator one
gets a very different view from that seen by the expert.

Would you like a copy of this article ?  Would you tell 
me whether discussion on the mailing list would be helpful 
in bringing operating aspects of Public Key Systems to light ?

Would you wish to debate such issues or brush them to one side 
for the time being ?

All good stuff this for debating purposes !  But how should it
be handled ?

Over to you.

George 


On Fri 28 Aug, Brian Gladman wrote:
> Hi George,
> 
> I noted your desire to discuss this subject in private but I don't want to
> do this as the public exchange is useful as a wider educational tool.
> 
> By debating this issue in public we can help to educate a wider community
> about the real properties of digital signatures in the face of a lot of
> misunderstanding.   It is already clear from several messages that I have
> had that a number of people have found our exchanges useful for just this
> purpose.
> 
> If you wish to stop the public debate you can easily do so by not responding
> to my posts - while you do respond, however, expect a public response from
> me if there is anything in what you say that I consider worthy of further
> clarification.
> 
> I should mention that I did not respond to your interpretation of the
> original RSA paper although I do not agree with it.
> 
>    best regards, Brian
> 
> 
> 
> 
> 

-- 
George Foot
georgefoot@oxted.demon.co.uk
Web Page.  http://www.oxted.demon.co.uk






